DOPPELPAYMER Ransomware

Written by Brendan Smith
The DoppelPaymer ransomware encrypts user data across the local network (photos, documents, spreadsheets, music, videos, etc.) and appends its own extension to every file. Cyber criminals are known to use DoppelPaymer in targeted attacks. Additional password-stealing trojans may be installed alongside it.

What is “Doppelpaymer”?

☝️ Doppelpaymer is correctly identified as a ransomware-type infection.

DOPPELPAYMER ransomware encrypts user data with a combination of AES-256 and RSA-2048 (file contents are encrypted with AES-256, and the AES keys are in turn protected with the attackers' RSA-2048 public key, so the files cannot be recovered without the matching private key) and then demands a 2 BTC ransom for the decryption tool. Larger demands of 40 and 100 BTC have also been seen. Original title: the sample identifies itself as BitPaymer; its file version information reads “SpotLife WebAlbum Service Plugin”, with the original file name WASpotLife.DLL.

DoppelPaymer operators can also publish stolen data to increase the pressure on the victim (hence the additional label “doxware”). To make that threat credible, they exfiltrate data before the files are encrypted, so by the time the ransom note appears the data has already left the network. Such incidents have been reported in the media.

Cybercriminals use DoppelPaymer in targeted attacks against specific companies or industries.

The ransom note instructs the victim to buy a decryption tool from the ransomware developers. The DoppelPaymer note is reproduced verbatim below (original spelling and wording kept, since that is the text defenders match on):

Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorythm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation
No decryption software is available in the public.
	DO NOT RESET OR SHUTDOWN - files may be damaged.
	DO NOT RENAME OR MOVE the encrypted and readme files.
	DO NOT DELETE readme files.
	DO NOT use any recovery software with restoring files overwriting encrypted.
	This may lead to the impossibility of recovery of the certain files.
To get info (decrypt your files) contact us at your personal page:
	1. Download and install Tor Browser: https://www.torproject.org/download/
	2. After a successful installation, run the browser and wait for initialization.
	3. Type in the address bar:
		http://2anwyjsh7qgbuc5i.onion/order/f6940a89-8faa-11e9-84dc-bba3fe1360a9
	4. Follow the instructions on the site
	5. You should get in contact in 48 HOURS since your systems been infected.
	6. The link above is valid for 7 days.
	   After that period if you not get in contact
	   your local data would be lost completely.
The faster you get in contact - the lower price you can expect.

Here is a summary for the Doppelpaymer:

  • Development: INDRIK SPIDER, or a former member of that group.
  • Extension: .doppeled
  • Leaks site: http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion
  • Ransom: 2 BTC
  • Twitter: https://twitter.com/DoppelPaymer
  • E-mail: btpsupport@protonmail.com
  • Detection names [1]: Trojan:Win32/Glupteba.RQ!MSR, Win32:InjectorX-gen [Trj], Zusy.349874
  • Symptoms: your files (photos, videos, documents) carry a .doppeled extension and cannot be opened.
Dopple Leaks site for publishing leaks
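As an added example (not part of the original article and not any DoppelPaymer tooling), the following Python script scopes an infection from the artifacts listed in the summary and the ransom note: it counts .doppeled files per directory, brackets the encryption window from their modification times, pulls the personal .onion order URL out of any readme note it finds, and flags .doppeled files whose bytes still look like plaintext, i.e. renamed but apparently not encrypted, which is worth knowing before writing them off. The note file name (containing “readme”), the entropy threshold of 7.0 bits per byte and the sample directory tree it builds are assumptions for the demo; the .onion URL in the constructed note is the one quoted in the ransom note above.

```python
"""Added triage helper for a suspected DoppelPaymer infection (example code).

Read-only except for build_sample_tree(), which creates a constructed
sample tree in a temporary directory so the script can be run offline.
"""
import math
import os
import re
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_EXT = ".doppeled"
NOTE_NAME_HINT = "readme"      # assumption: ransom note file names contain "readme"
LOW_ENTROPY_BITS = 7.0         # assumption: below this, bytes are unlikely to be AES output
# Personal page in the note: http://<onion host>/order/<uuid>
ONION_ORDER_RE = re.compile(
    r"https?://([a-z2-7]{16,56}\.onion)/order/"
    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})",
    re.IGNORECASE,
)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def original_name(encrypted_name: str) -> str:
    """Strip the ransomware extension so the name can be matched against backups."""
    if encrypted_name.lower().endswith(ENCRYPTED_EXT):
        return encrypted_name[: -len(ENCRYPTED_EXT)]
    return encrypted_name


def scan_tree(root) -> dict:
    """Walk an evidence copy and summarise encrypted files and ransom notes."""
    root = Path(root)
    encrypted, notes = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.suffix.lower() == ENCRYPTED_EXT:
            encrypted.append(path)
        elif NOTE_NAME_HINT in path.name.lower():
            notes.append(path)

    def iso(ts: float) -> str:
        return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

    mtimes = [p.stat().st_mtime for p in encrypted]
    # Renamed-but-not-encrypted files keep plaintext statistics (low entropy).
    suspicious = [
        p.relative_to(root).as_posix()
        for p in encrypted
        if shannon_entropy(p.read_bytes()[:65536]) < LOW_ENTROPY_BITS
    ]
    onion_hosts, order_ids = set(), set()
    for note in notes:
        for host, order in ONION_ORDER_RE.findall(note.read_text(errors="replace")):
            onion_hosts.add(host.lower())
            order_ids.add(order.lower())
    return {
        "encrypted_count": len(encrypted),
        "first_encrypted_utc": iso(min(mtimes)) if mtimes else None,
        "last_encrypted_utc": iso(max(mtimes)) if mtimes else None,
        "by_directory": dict(Counter(p.parent.relative_to(root).as_posix() for p in encrypted)),
        "possibly_not_encrypted": sorted(suspicious),
        "notes": sorted(p.relative_to(root).as_posix() for p in notes),
        "onion_hosts": sorted(onion_hosts),
        "order_ids": sorted(order_ids),
    }


# Constructed note excerpt (URL taken from the note quoted on this page).
SAMPLE_NOTE = """Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorythm.
    3. Type in the address bar:
        http://2anwyjsh7qgbuc5i.onion/order/f6940a89-8faa-11e9-84dc-bba3fe1360a9
"""


def build_sample_tree() -> Path:
    """Constructed sample tree (no real victim data); returns its root."""
    root = Path(tempfile.mkdtemp(prefix="dp_triage_"))
    (root / "docs").mkdir()
    (root / "photos").mkdir()
    (root / "docs" / "budget.xlsx.doppeled").write_bytes(os.urandom(4096))    # looks encrypted
    (root / "photos" / "holiday.jpg.doppeled").write_bytes(os.urandom(4096))  # looks encrypted
    (root / "docs" / "todo.txt.doppeled").write_text("buy milk\n" * 500)      # renamed only
    (root / "docs" / "readme_unlock.txt").write_text(SAMPLE_NOTE)             # assumed note name
    (root / "photos" / "untouched.txt").write_text("not encrypted")
    return root


if __name__ == "__main__":
    import json
    print(json.dumps(scan_tree(build_sample_tree()), indent=2))
```

Run it against a mounted evidence copy rather than the live host, and treat the earliest modification time only as a bound on when encryption started: as the page notes, the operators exfiltrate data before they encrypt, so the intrusion predates the first .doppeled file.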

Frequently Asked Questions

🤔 How can I open “.doppeled” files?


You cannot. These files are encrypted by Doppelpaymer ransomware, and their contents stay unavailable until they are decrypted, which requires the operators' private RSA key. Keep the files as they are (do not rename, move or delete them) rather than discarding them.

🤔 Doppelpaymer files contain important information. How can I decrypt them urgently?


If the data in the .doppeled files is valuable, the realistic route is a backup made before the infection: restore from offline or off-site backups once the network has been cleaned.
Windows System Restore (a restore point) rolls back system files and settings, not your documents, and the ransom note itself states that shadow copies have been removed, so shadow-copy recovery tools will usually find nothing. It costs little to check, but do not count on it.

🤔 What can I do right now?


You can try to find an unencrypted copy of a file elsewhere:

  • Files you downloaded from the Internet that were encrypted and that you can download again to get the original.
  • Pictures that you shared with family and friends, who can simply send them back to you.
  • Photos that you uploaded to social media or cloud services (Carbonite, OneDrive, iDrive, Google Drive, etc.).
  • Attachments in emails you sent or received and saved.
  • Files on an older computer, flash drive, external drive, camera memory card or iPhone from which you transferred data to the infected computer.

You can also report the attack to law enforcement. For instance, if you live in the USA, contact your local FBI field office, the Internet Crime Complaint Center (IC3) or the Secret Service.

How can I avoid a ransomware attack?

Doppelpaymer ransomware doesn't have a superpower.

You can reduce your exposure to it with a few steps:

  • Ignore emails from unknown senders, or whose content has no plausible connection to anything you are expecting (can you win a lottery you never entered?). If the subject is something you are expecting, check every element of the message carefully: the sender address, the links and the wording. Fake emails often contain such mistakes, but a clean-looking email is not proof that it is genuine.
  • Do not use cracked or untrusted programs. Trojans are often distributed as part of cracked software, for example disguised as a “patch” that bypasses the license check. Untrusted programs are hard to tell apart from legitimate ones, because a trojanised copy may also offer the functionality you need. You can look for information about the program on anti-malware forums, but the safest choice is not to use such programs at all.


References

  1. Encyclopedia of threats.

About the author

Brendan Smith

Journalist, researcher, web content developer, grant proposal editor. Efficient and proficient on multiple platforms and in diverse media. Computer technology and security are my specialties.
